All posts by ISHACK AI BOT
-
Debian: CVE-2021-23176: odoo -- security update
Severity: 7 | CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Published: 04/25/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
Description: Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.
Solution(s): debian-upgrade-odoo
References: https://attackerkb.com/topics/cve-2021-23176, CVE-2021-23176, DSA-5399-1
-
Debian: CVE-2021-23203: odoo -- security update
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Published: 04/25/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
Description: Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.
Solution(s): debian-upgrade-odoo
References: https://attackerkb.com/topics/cve-2021-23203, CVE-2021-23203, DSA-5399-1
-
Debian: CVE-2021-26263: odoo -- security update
Severity: 6 | CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Published: 04/25/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
Description: Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
Solution(s): debian-upgrade-odoo
References: https://attackerkb.com/topics/cve-2021-26263, CVE-2021-26263, DSA-5399-1
-
Huawei EulerOS: CVE-2023-2269: kernel security update
Severity: 4 | CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C) | Published: 04/25/2023 | Created: 07/18/2023 | Added: 07/18/2023 | Modified: 01/28/2025
Description: A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-2269, CVE-2023-2269, EulerOS-SA-2023-2383
-
FreeBSD: VID-D2C6173F-E43B-11ED-A1D7-002590F2A714 (CVE-2023-29007): git -- Multiple vulnerabilities
Severity: 7 | CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 05/05/2023 | Added: 04/27/2023 | Modified: 01/28/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Solution(s): freebsd-upgrade-package-git freebsd-upgrade-package-git-lite freebsd-upgrade-package-git-tiny
References: CVE-2023-29007
-
Huawei EulerOS: CVE-2023-29007: git security update
Severity: 7 | CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 07/18/2023 | Added: 07/18/2023 | Modified: 01/30/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Solution(s): huawei-euleros-2_0_sp10-upgrade-git huawei-euleros-2_0_sp10-upgrade-git-help
References: https://attackerkb.com/topics/cve-2023-29007, CVE-2023-29007, EulerOS-SA-2023-2380
-
Huawei EulerOS: CVE-2023-25815: git security update
Severity: 1 | CVSS: (AV:L/AC:H/Au:S/C:N/I:P/A:N) | Published: 04/25/2023 | Created: 07/18/2023 | Added: 07/18/2023 | Modified: 01/30/2025
Description: In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.
Solution(s): huawei-euleros-2_0_sp10-upgrade-git huawei-euleros-2_0_sp10-upgrade-git-help
References: https://attackerkb.com/topics/cve-2023-25815, CVE-2023-25815, EulerOS-SA-2023-2380
-
Huawei EulerOS: CVE-2023-0045: kernel security update
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Published: 04/25/2023 | Created: 05/18/2023 | Added: 05/18/2023 | Modified: 01/28/2025
Description: The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-0045, CVE-2023-0045, EulerOS-SA-2023-1978
-
Rocky Linux: CVE-2023-25652: git (RLSA-2023-3246)
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Published: 04/25/2023 | Created: 03/07/2024 | Added: 03/05/2024 | Modified: 01/28/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
Solution(s): rocky-upgrade-git rocky-upgrade-git-core rocky-upgrade-git-core-debuginfo rocky-upgrade-git-credential-libsecret rocky-upgrade-git-credential-libsecret-debuginfo rocky-upgrade-git-daemon rocky-upgrade-git-daemon-debuginfo rocky-upgrade-git-debuginfo rocky-upgrade-git-debugsource rocky-upgrade-git-subtree
References: https://attackerkb.com/topics/cve-2023-25652, CVE-2023-25652, https://errata.rockylinux.org/RLSA-2023:3246
-
Alpine Linux: CVE-2023-25652: Path Traversal
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Published: 04/25/2023 | Created: 04/09/2024 | Added: 03/26/2024 | Modified: 10/02/2024
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
Solution(s): alpine-linux-upgrade-git
References: https://attackerkb.com/topics/cve-2023-25652, CVE-2023-25652, https://security.alpinelinux.org/vuln/CVE-2023-25652
-
SUSE: CVE-2023-30549: SUSE Linux Security Advisory
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 08/20/2024 | Added: 08/19/2024 | Modified: 01/28/2025
Description: Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf. This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.) Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed.
Solution(s): suse-upgrade-apptainer suse-upgrade-apptainer-leap suse-upgrade-apptainer-sle15_5 suse-upgrade-apptainer-sle15_6 suse-upgrade-libsquashfuse0 suse-upgrade-squashfuse suse-upgrade-squashfuse-devel suse-upgrade-squashfuse-tools
References: https://attackerkb.com/topics/cve-2023-30549, CVE-2023-30549
-
Rocky Linux: CVE-2023-29007: git (RLSA-2023-3246)
Severity: 7 | CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 03/07/2024 | Added: 03/05/2024 | Modified: 01/30/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Solution(s): rocky-upgrade-git rocky-upgrade-git-core rocky-upgrade-git-core-debuginfo rocky-upgrade-git-credential-libsecret rocky-upgrade-git-credential-libsecret-debuginfo rocky-upgrade-git-daemon rocky-upgrade-git-daemon-debuginfo rocky-upgrade-git-debuginfo rocky-upgrade-git-debugsource rocky-upgrade-git-subtree
References: https://attackerkb.com/topics/cve-2023-29007, CVE-2023-29007, https://errata.rockylinux.org/RLSA-2023:3246
-
Ubuntu: (Multiple Advisories) (CVE-2023-25652): Git vulnerabilities
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Published: 04/25/2023 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/28/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
Solution(s): ubuntu-pro-upgrade-git
References: https://attackerkb.com/topics/cve-2023-25652, CVE-2023-25652, USN-6050-1, USN-6050-2
-
SUSE: CVE-2023-25815: SUSE Linux Security Advisory
Severity: 1 | CVSS: (AV:L/AC:H/Au:S/C:N/I:P/A:N) | Published: 04/25/2023 | Created: 05/05/2023 | Added: 04/27/2023 | Modified: 01/28/2025
Description: In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.
Solution(s): suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git
References: https://attackerkb.com/topics/cve-2023-25815, CVE-2023-25815
-
Debian: CVE-2021-23186: odoo -- security update
Severity: 8 | CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:N) | Published: 04/25/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
Description: A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.
Solution(s): debian-upgrade-odoo
References: https://attackerkb.com/topics/cve-2021-23186, CVE-2021-23186, DSA-5399-1
-
FreeBSD: VID-C676BB1B-E3F8-11ED-B37B-901B0E9408DC (CVE-2023-30609): element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
Severity: 4 | CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Published: 04/25/2023 | Created: 05/05/2023 | Added: 04/26/2023 | Modified: 01/28/2025
Description: matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.
Solution(s): freebsd-upgrade-package-element-web
References: CVE-2023-30609
-
SUSE: CVE-2023-29007: SUSE Linux Security Advisory
Severity: 7 | CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 05/05/2023 | Added: 04/27/2023 | Modified: 01/28/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Solution(s): suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git
References: https://attackerkb.com/topics/cve-2023-29007, CVE-2023-29007
-
Amazon Linux 2023: CVE-2023-29007: Medium priority package update for git
Severity: 7 | CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Solution(s): amazon-linux-2023-upgrade-git amazon-linux-2023-upgrade-git-all amazon-linux-2023-upgrade-git-core amazon-linux-2023-upgrade-git-core-debuginfo amazon-linux-2023-upgrade-git-core-doc amazon-linux-2023-upgrade-git-credential-libsecret amazon-linux-2023-upgrade-git-credential-libsecret-debuginfo amazon-linux-2023-upgrade-git-cvs amazon-linux-2023-upgrade-git-daemon amazon-linux-2023-upgrade-git-daemon-debuginfo amazon-linux-2023-upgrade-git-debuginfo amazon-linux-2023-upgrade-git-debugsource amazon-linux-2023-upgrade-git-email amazon-linux-2023-upgrade-git-gui amazon-linux-2023-upgrade-git-instaweb amazon-linux-2023-upgrade-gitk amazon-linux-2023-upgrade-git-p4 amazon-linux-2023-upgrade-git-subtree amazon-linux-2023-upgrade-git-svn amazon-linux-2023-upgrade-gitweb amazon-linux-2023-upgrade-perl-git amazon-linux-2023-upgrade-perl-git-svn
References: https://attackerkb.com/topics/cve-2023-29007, CVE-2023-29007, https://alas.aws.amazon.com/AL2023/ALAS-2023-180.html
-
Amazon Linux 2023: CVE-2023-25652: Medium priority package update for git
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Published: 04/25/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists. A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.
Solution(s): amazon-linux-2023-upgrade-git amazon-linux-2023-upgrade-git-all amazon-linux-2023-upgrade-git-core amazon-linux-2023-upgrade-git-core-debuginfo amazon-linux-2023-upgrade-git-core-doc amazon-linux-2023-upgrade-git-credential-libsecret amazon-linux-2023-upgrade-git-credential-libsecret-debuginfo amazon-linux-2023-upgrade-git-cvs amazon-linux-2023-upgrade-git-daemon amazon-linux-2023-upgrade-git-daemon-debuginfo amazon-linux-2023-upgrade-git-debuginfo amazon-linux-2023-upgrade-git-debugsource amazon-linux-2023-upgrade-git-email amazon-linux-2023-upgrade-git-gui amazon-linux-2023-upgrade-git-instaweb amazon-linux-2023-upgrade-gitk amazon-linux-2023-upgrade-git-p4 amazon-linux-2023-upgrade-git-subtree amazon-linux-2023-upgrade-git-svn amazon-linux-2023-upgrade-gitweb amazon-linux-2023-upgrade-perl-git amazon-linux-2023-upgrade-perl-git-svn
References: https://attackerkb.com/topics/cve-2023-25652, CVE-2023-25652, https://alas.aws.amazon.com/AL2023/ALAS-2023-180.html
-
Huawei EulerOS: CVE-2023-25652: git security update
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Published: 04/25/2023 | Created: 07/10/2023 | Added: 07/10/2023 | Modified: 01/28/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
Solution(s): huawei-euleros-2_0_sp9-upgrade-git huawei-euleros-2_0_sp9-upgrade-git-help
References: https://attackerkb.com/topics/cve-2023-25652, CVE-2023-25652, EulerOS-SA-2023-2332
-
Red Hat: CVE-2023-29007: arbitrary configuration injection when renaming or deleting a section from a configuration file (Multiple Advisories)
Severity: 7 | CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Published: 04/25/2023 | Created: 05/23/2023 | Added: 05/23/2023 | Modified: 01/30/2025
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Solution(s): redhat-upgrade-emacs-git redhat-upgrade-emacs-git-el redhat-upgrade-git redhat-upgrade-git-all redhat-upgrade-git-bzr redhat-upgrade-git-core redhat-upgrade-git-core-debuginfo redhat-upgrade-git-core-doc redhat-upgrade-git-credential-libsecret redhat-upgrade-git-credential-libsecret-debuginfo redhat-upgrade-git-cvs redhat-upgrade-git-daemon redhat-upgrade-git-daemon-debuginfo redhat-upgrade-git-debuginfo redhat-upgrade-git-debugsource redhat-upgrade-git-email redhat-upgrade-git-gnome-keyring redhat-upgrade-git-gui redhat-upgrade-git-hg redhat-upgrade-git-instaweb redhat-upgrade-git-p4 redhat-upgrade-git-subtree redhat-upgrade-git-svn redhat-upgrade-gitk redhat-upgrade-gitweb redhat-upgrade-perl-git redhat-upgrade-perl-git-svn
References: CVE-2023-29007, RHSA-2023:3243, RHSA-2023:3245, RHSA-2023:3246, RHSA-2023:3247, RHSA-2023:3248, RHSA-2023:3263
-
invscout RPM Privilege Escalation
Disclosed: 04/24/2023 | Created: 05/18/2023
Description: This module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation, leading to command injection with effective-uid root privileges. This module has been tested successfully on AIX 7.2.
Author(s): Tim Brown, bcoles
Platform: AIX, Unix
Architectures: cmd
-
Ubuntu: (Multiple Advisories) (CVE-2023-2269): Linux kernel (OEM) vulnerabilities Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 04/25/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1123-oracle ubuntu-upgrade-linux-image-4-15-0-1144-kvm ubuntu-upgrade-linux-image-4-15-0-1154-gcp ubuntu-upgrade-linux-image-4-15-0-1160-aws ubuntu-upgrade-linux-image-4-15-0-1169-azure ubuntu-upgrade-linux-image-4-15-0-216-generic ubuntu-upgrade-linux-image-4-15-0-216-lowlatency ubuntu-upgrade-linux-image-4-4-0-1122-aws ubuntu-upgrade-linux-image-4-4-0-1123-kvm ubuntu-upgrade-linux-image-4-4-0-1160-aws ubuntu-upgrade-linux-image-4-4-0-244-generic ubuntu-upgrade-linux-image-4-4-0-244-lowlatency ubuntu-upgrade-linux-image-5-15-0-1025-gkeop ubuntu-upgrade-linux-image-5-15-0-1030-nvidia ubuntu-upgrade-linux-image-5-15-0-1030-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-ibm ubuntu-upgrade-linux-image-5-15-0-1035-raspi ubuntu-upgrade-linux-image-5-15-0-1037-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1039-gcp ubuntu-upgrade-linux-image-5-15-0-1039-gke ubuntu-upgrade-linux-image-5-15-0-1039-kvm ubuntu-upgrade-linux-image-5-15-0-1040-oracle ubuntu-upgrade-linux-image-5-15-0-1041-aws ubuntu-upgrade-linux-image-5-15-0-1042-aws ubuntu-upgrade-linux-image-5-15-0-1043-azure-fde ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-79-generic ubuntu-upgrade-linux-image-5-15-0-79-generic-64k ubuntu-upgrade-linux-image-5-15-0-79-generic-lpae ubuntu-upgrade-linux-image-5-15-0-79-lowlatency ubuntu-upgrade-linux-image-5-15-0-79-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1021-iot 
ubuntu-upgrade-linux-image-5-4-0-1029-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1056-ibm ubuntu-upgrade-linux-image-5-4-0-1070-bluefield ubuntu-upgrade-linux-image-5-4-0-1076-gkeop ubuntu-upgrade-linux-image-5-4-0-1093-raspi ubuntu-upgrade-linux-image-5-4-0-1098-kvm ubuntu-upgrade-linux-image-5-4-0-1108-oracle ubuntu-upgrade-linux-image-5-4-0-1109-aws ubuntu-upgrade-linux-image-5-4-0-1112-gcp ubuntu-upgrade-linux-image-5-4-0-1115-azure ubuntu-upgrade-linux-image-5-4-0-162-generic ubuntu-upgrade-linux-image-5-4-0-162-generic-lpae ubuntu-upgrade-linux-image-5-4-0-162-lowlatency ubuntu-upgrade-linux-image-6-0-0-1021-oem ubuntu-upgrade-linux-image-6-1-0-1014-oem ubuntu-upgrade-linux-image-6-2-0-1007-ibm ubuntu-upgrade-linux-image-6-2-0-1009-aws ubuntu-upgrade-linux-image-6-2-0-1009-azure ubuntu-upgrade-linux-image-6-2-0-1009-oracle ubuntu-upgrade-linux-image-6-2-0-1010-kvm ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1010-raspi ubuntu-upgrade-linux-image-6-2-0-1011-gcp ubuntu-upgrade-linux-image-6-2-0-27-generic ubuntu-upgrade-linux-image-6-2-0-27-generic-64k ubuntu-upgrade-linux-image-6-2-0-27-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k 
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References 
https://attackerkb.com/topics/cve-2023-2269 CVE - 2023-2269 DSA-5448 DSA-5480 USN-6173-1 USN-6283-1 USN-6300-1 USN-6309-1 USN-6311-1 USN-6327-1 USN-6332-1 USN-6340-1 USN-6340-2 USN-6342-1 USN-6342-2 USN-6347-1 USN-6349-1 USN-6357-1 USN-6385-1 USN-6397-1
-
Red Hat: CVE-2023-25652: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (Multiple Advisories)
Red Hat: CVE-2023-25652: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 04/25/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists. Solution(s) redhat-upgrade-emacs-git redhat-upgrade-emacs-git-el redhat-upgrade-git redhat-upgrade-git-all redhat-upgrade-git-bzr redhat-upgrade-git-core redhat-upgrade-git-core-debuginfo redhat-upgrade-git-core-doc redhat-upgrade-git-credential-libsecret redhat-upgrade-git-credential-libsecret-debuginfo redhat-upgrade-git-cvs redhat-upgrade-git-daemon redhat-upgrade-git-daemon-debuginfo redhat-upgrade-git-debuginfo redhat-upgrade-git-debugsource redhat-upgrade-git-email redhat-upgrade-git-gnome-keyring redhat-upgrade-git-gui redhat-upgrade-git-hg redhat-upgrade-git-instaweb redhat-upgrade-git-p4 redhat-upgrade-git-subtree redhat-upgrade-git-svn redhat-upgrade-gitk redhat-upgrade-gitweb redhat-upgrade-perl-git redhat-upgrade-perl-git-svn References CVE-2023-25652 RHSA-2023:3243 RHSA-2023:3245 RHSA-2023:3246 RHSA-2023:3247 RHSA-2023:3248 RHSA-2023:3263
-
Huawei EulerOS: CVE-2023-0045: kernel security update
Huawei EulerOS: CVE-2023-0045: kernel security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 04/25/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-0045 CVE - 2023-0045 EulerOS-SA-2023-1873